Computing Applications Letters to the editor

Inspire with Introductory Computer Science

  1. Introduction
  2. More for the Practitioner, As in Web Site Design
  3. To Motivate CS Students, Connect with People in Need
  4. With an Advisor Like Patterson...
  5. Educating Computer Scientists About Social Science
  6. Cold Boot, a Surprise for Unsuspecting Users
  7. Equal Opportunity Support for All
  8. More on Browser Security
  9. Footnotes
letters to the editor illustration

Mark Guzdial’s Viewpoint "Teaching Computing to Everyone" (May 2009) was interesting reading but included several implications, possibly unintentional, that should be corrected. For example, one potential benefit of contextualized computing is that it allows coursework students may find more attractive and relevant, but Guzdial seemed to imply that DrScheme and How to Design Programs (HtDP) cannot be used with such coursework. In our experience, this is not the case; our students are attracted and very engaged by HtDP’s evolving teaching libraries. For example, students using HtDP can write interactive graphical programs from week one in a first-semester programming course without sacrificing computing fundamentals.

Libraries will soon enable them to write applications for their cellphones and embedded hardware. We look forward to experimenting with these domains in our introductory programming courses. The rich variety of contexts the HtDP community provides (and is continuously developing) excites students, and they enjoy our HtDP-based courses.

Another implication was that DrScheme and HtDP were unsuitable for non-major and female students. We found this surprising, as it is not our experience in our three very different settings. DrScheme’s language levels and simple syntax seem to reduce student frustration in getting started with programming, and HtDP’s design recipe approach gives them a roadmap, from problem statement and blank screen/page to a working solution. The language levels are particularly effective at reducing syntax errors by introducing new programming constructs only as the need for them arises. Both our major and non-major female students have taken quite well to this environment and approach.

Some of us are also beginning to see higher retention rates thanks to HtDP.

We were delighted to see more attention on introductory computing courses. They play a critical role in how students use, perceive, and understand computing and computer-based technology. It is important that they be well-designed, empowering students to use computing both in and outside the classroom.

Marco T. Morazan, South Orange, NJ
Marc L. Smith, Poughkeepsie, NY
Sharon Tuttle, Arcata, CA

Author’s Response:

DrScheme (and its libraries) is undoubtedly one of the best programming tools for students. It inspired our Python tool, JES. To make contextualized education work, you need a language and libraries that provide the opportunity for context, a curriculum that provides examples, and lectures that support the context, as well as a course that takes advantage of these opportunities and supports. Our experience at Georgia Tech missed some of these elements. I now anticipate using DrScheme to create a great contextualized computing course.

Mark Guzdial, Atlanta, GA

Back to Top

More for the Practitioner, As in Web Site Design

Kudos to Steve Souders for his article "High-Performance Web Sites" (Dec. 2008). While many of the techniques he mentioned are indeed commonsense for Web site developers—reduce the number of HTTP requests and remove duplicate scripts—what impressed me most was that such a useful article made its way into Communications at all. In the seven years I’ve been a member of ACM, I’ve found most of its articles to be news-related or theoretical in nature. It’s about time Communications recognized that membership includes not only researchers but also those of us keeping businesses operating by applying the theories developed in the lab and outlined in the technical literature. Please keep publishing such informative, useful articles for those of us who are practitioners.

Bryan R. Meyer, Pittsburgh, PA

Back to Top

To Motivate CS Students, Connect with People in Need

Two contributions (both in Apr. 2009), "Computing Education Matters" by Andrew McGettrick and "IT and the World’s ‘Bottom Billion’" by Richard Heeks, covered urgent problems computer scientists can help address. The former involves making computer-related education more attractive for both prospective and current students, the latter for helping the Fourth World develop itself. Students are typically of an age when altruism could be a driving force in their lives, and showing them how IT helps people in the Fourth World would add to their motivation.

To evaluate such ideas, my students and I began a project last October to provide critical information during obstetrics procedures in remote parts of sub-Saharan Africa. Obstetricians there rarely have access to current best practices, so our system gives them current information related to the APGAR scores of newborn babies. An international team of students—from Australia, China, Germany, and Switzerland—weighed the various aspects of information delivery, from usability and battery life to selective data persistence on mobile devices with limited connectivity. The project showed them how to use their knowledge and inventiveness to help others. Microsoft lent extensive support and invited them to the Imagine Cup competition. A number of NGOs also suggested ways to extend the project. We now invite Communications readers to participate by sharing their own ideas and imaginations.

Vladimir Stantchev, Berlin, Germany

Back to Top

With an Advisor Like Patterson…

Congratulations to David A. Patterson for his warm, supportive, effective model for mentoring graduate students he explored in his "Viewpoint" "Your Students Are Your Legacy" (Mar. 2009). With appropriate changes based on the substance of study, the model is extensible well beyond CS. Patterson’s legacy is indeed well deserved. I only wish he had been my advisor when I was in graduate school.

George Sadowsky, Woodstock, VT

Back to Top

Educating Computer Scientists About Social Science

The Viewpoint "Computing as Social Science" (Apr. 2009) by Michael Buckley was not really about social science, but about social service, which is quite a different thing. This is not a mere quibble. In 20 years of work with computer scientists, I have often had to start from the beginning, educating them about sociology—and the social sciences—as analytic disciplines.

Barry Wellman, Toronto, Canada

Back to Top

Cold Boot, a Surprise for Unsuspecting Users

The article "Lest We Remember: Cold-Boot Attacks on Encryption Keys" by J. Alex Halderman et al. (May 2009) took me back to my student days in the 1970s when I discovered that the Control Data Kronos operating system had a similar vulnerability. One could access other users’ passwords by running the command-line tool to change passwords followed by the debug tool to "dump core" to a file. The privileged password utility could read the system password file to perform its function, but because it didn’t "zero out" the RAM disk buffers before it terminated, the nonprivileged memory dump utility revealed the IDs and passwords of many other users.

Bruce Wallace, Ooltewah, TN

Back to Top

Equal Opportunity Support for All

You wouldn’t expect a woman CS department chair and a 1960s liberal to jointly criticize an article promoting women in computing, but we were disturbed by some aspects of the cover article "Women in Computing—Take 2" (Feb. 2009).

Much of the it was devoted to a set of excellent suggestions for creating and nurturing CS careers, from initial childhood exposure through gaining tenure at a research university. But why were these suggestions covered in an article limited to women in computing? Nearly every suggestion applies equally well to any demographic: underrepresented minorities, people with handicaps, low-income people, plain old white males. (There were a few exceptions, such as "send students to the Grace Hopper Conference" or "join CRA-W," but other career-advancing conferences and organizations can be substituted with the same overall message.) We would advise anyone considering a career in CS, or anyone in a position to nurture a CS career, to pay close attention to the good ideas in the article, while disregarding its focus on women.

For example, it suggested that introductory CS students should program in pairs. We like this idea very much for a number of reasons, none concerning gender. One might think intuitively that female students in particular prefer pair programming. However, from the statistics provided by the cited study, there is an even more positive influence on males than on females. (That is, the technique had a slightly better chance of motivating any given reluctant male to continue in CS than of motivating any given reluctant female.)

At the junior-professor level, the article suggested less teaching for the first two years, sufficient startup funding to support graduate students, help writing grant proposals, and being clear about what is expected to gain tenure. Aren’t these strategies appropriate for all junior faculty? Should females be granted such departmental support while males are denied? We certainly hope not.

There’s no question that women have faced obstacles over the years when choosing and building careers in CS, as well as in other fields. Still, an article providing sound general advice, while limiting it to women, is not an appropriate solution.

Jeffrey D. Ullman and Jennifer Widom, Stanford, CA

Back to Top

More on Browser Security

Our article "Security in the Browser" (May 2009) included a paragraph with some unintended inaccuracies concerning the Cross Site Reference Forgery or Cross Site Request Forgery (XSRF) attack. XSRF leverages established session state in the browser. Also, if a user is authenticated into a Web site and the attacker somehow generates a URL to that site from the same browser, it may be authenticated as well. This is true for several types of authentication mechanisms, including session cookies. This type of attack does not require multiple tabs and has been around for a while, but tabs give it a new dimension, since more and more users keep multiple tabs open that are potentially authenticated to important (or high-value) sites. If a user logs into a bank and then in a separate tab goes to a page that somehow sends a malicious URL to the bank, that URL may be authenticated and able to perform actions on the user’s bank account without the user’s knowledge or consent. What we were attempting to show is that sometimes features have unintended security implications, an issue applicable to all major browsers.

While we regret this error, the article’s original thrust is the same—that browser security issues are complex, more so every day, and the risks they pose are not to be taken lightly.

Thomas Wadlow, San Francisco, CA
Vlad Gorelik, Palo Alto, CA

Back to Top

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More